After Snowden, can technology save our digital liberties?

In this wide-ranging
interview with human rights lawyer and former Privacy International head of
advocacy Carly Nyst, we discuss surveillance politics, radical thinking, and
human rights on the internet.

Rosemary Bechler (RB):I’m absolutely delighted to have Carly Nyst with us this morning for a
discussion. Carly was head of advocacy at Privacy
International until the end of 2015, and now she is a freelance
advisor to many of the bodies that we look to, to try and monitor government
and hold them to account under these circumstances.

I’d like to look back a little to contextualise where we are now, with your help. One rather crude way of doing
this is to say that in 2013 you wrote a piece about data analysis in the developing world
for us, saying “forget blood diamonds”. It was all too easy for
developing countries to think that data analysis had “the potential to
accelerate economic growth, catalyse innovation”, but in fact, look closer and there were all sorts of political challenges in defending individual
rights. It strikes me that at that point you must have assumed that in the
developed world we would be able to establish those rights for ourselves, and that it might be the developing world that would be stuck with the problem. Today, with the UK Investigatory Powers bill well under way, what is your
thinking on that?

Carly Nyst (CN): That’s
really interesting. I think that there was a feeling in around 2011-2013, prior
to the Snowden revelations, that the protections around digital technologies in
the ‘west’ – for want of a better word – were miles ahead of those in
the developing world. And particularly with the Arab Spring and the way
we saw surveillance technologies being used by Tunisia, Libya and Egypt during
that period, there was a very strong sense in the EU at least that this was an
illustration of how a lack of legal regulation and strong judicial oversight in
the developing world had led to these really strong, really outrageous
oversteps when it comes to surveillance.

Then of course, one year later, we saw that the reality of
what is happening in the west matches the type of surveillance happening in
those countries. So I think that was a unique moment, writing then, when we didn’t understand the depth of government intrusion into privacy via
digital technologies that was happening in the EU and in north America. I say that we didn’t understand, but I think there were many people who
did suspect this. There just wasn’t strong evidence of that. So there seemed at
the time to be a mismatch.

The other thing to say is that there is something
unique about the way these debates are being held in the developing world and
the global south that contrasts them particularly to Europe – maybe
more so to continental Europe than here in the UK. I definitely see a
division between British attitudes as
illustrated by the government, not necessarily by the people, and continental
European attitudes to privacy and the internet.

But when you look at the global south, you see a very fast adoption of mobile
technology and a number of other technologies that is not accompanied by
regulation and by the same degree of institutional mechanisms that exist here
in Europe. Biometrics, for example, you see in a great many places in west
Africa, which is where I have spent time recently. You see mobile money, the
use of mobile phones for a range of different things, and very poor or absent
regulation across the board. So there is still a gap between the developing
world and the global north, but I wouldn’t be so naïve any more as to say that
things are far better here than they are there, because certainly that’s no
longer the case.

RB:Edward
Snowden then proceeded to transform that whole world of
perceptions. The next time we hear from you is in 2014 when you’re hoping that the UN
High Commissioner for Human Rights, Navi Pillay, will get somewhere by taking a
defiant stand against the Five Eyes intelligence-sharing agreement.

Since then,
we’ve been placing our hopes on various stages. But at each stage, this seems to slip out from under us in some
way. And to ask you a very direct, personal question, have you given up? Is
that why you stopped being head of advocacy at Privacy International. Have you just become a little wearied as a human rights activist and lawyer in this field?

CN: I want to
respond to that with a positive approach, but I will admit that I have a
feeling – and I think that others who have worked in this field for the past
five years have a feeling – that we are slightly wearied. It does feel that
every advancement is met with a new intrusion or a setback. I personally feel
that the experience with the UK Investigatory Powers bill – though I won’t
claim to have been doing a lot of the advocacy around it – has been a somewhat
disappointing, if not soul-destroying one. To see that processes of reform have
taken this arc: where we had Snowden, we had initial denials, then we had
gradual acceptance and gradual willingness to engage on the part of the
government, willingness to commission enquiries. We had some court decisions,
we had some reports published that vindicated Snowden’s claims. We had the
government concede that they would adopt a new law, and then for that law to
come back and enshrine the very outrageous practices that we had expressed
concern about at the beginning does feel somewhat…

RB:… adamantine? And of course if we just push at that a little bit, it’s interesting
because what Snowden did achieve, I think, was that there was a public identification with whistle-blowers, that the argument did shift
in favour of people wanting to interrogate governments, and not entirely
trusting what they did. So one thought there would have to be some response, on
some level of government, and that’s what makes this stage so peculiar.

CN: Exactly. But, we have to take the long view. We have to think that this is how history
develops and change occurs: to have things brought into the light, and then, to
be expected, a government pushback on greater transparency, greater
accountability. I hope that when we look forward ten years, we can see these patterns emerging, we can see the changes from a position of distance.

For example, yesterday, GCHQ launched its first Twitter
account, and has also completely revised its website. They’re on the PR
offensive. Now, there wasn’t even an official admission that they existed some
decades ago! Even three or four years ago, they were absolutely responding with closed circles and clamped mouths to the Snowden revelations. They’re now
trying to make efforts to sell their own institution. You have to look from a
long-term view, you have to say that this is an increase in transparency. It’s
enabling the British public to have greater scrutiny, and an engagement with
their security services. That is a gain in itself. So I think it’s very easy to
get bogged down in the constant setbacks and challenges, but it’s also
important to take a step back and look at some of the gains we’ve had.

RB:Before we
get too optimistic, just let me ask you about the conclusion from one of my
favourite articles on this on openDemocracy, by Didier Bigo. He wrote us a
piece called “The paradox at the heart of the Snowden revelations”,and he ends his article calling for the
need to create a “European or international oversight committee, with specific
powers of enquiry in the case of severe breaches of human rights
(extra-judicial killing and torture, for instance), coordinating different
national oversight bodies.” This is partly because he’s been arguing that
some of the oversight bodies that we now see being put in place, rather publicly,
are actually doing the sort of counter-job of making damn sure that the
intelligence and secret services don’t get pushed to be accountable in certain
areas. So he’s saying ‘no, we need something international’.

He then concludes: “If these changes are not made, the Snowden
disclosures will have served only to reinforce one thing: the intrusiveness of
global surveillance.” He is suggesting that paradoxically what we’ve managed to do is get the
‘chilling’ effects to start to work, but without the reassurances that we’re
going to be able to fight back. So I hope we’ll now take some time to discuss how the response by expert bodies and the NGOs, the watchdogs and the
whistle-blowers, might adopt a more sophisticated approach to the fight
back.

CN: I would slightly
disagree with Didier’s conclusion that if we don’t see the establishment of
such a mechanism then the only outcome of the Snowden revelations will be to
entrench the chilling effects. The rule of law is based on the people knowing
what the government is doing and accepting that, and to the extent that about
three years ago, the government would make no admission, let alone try to
justify the fact that it was doing such invasive surveillance techniques, now
we see somewhat frightening frank justifications of those same techniques.

RB:I remember you
talking about how one day they didn’t admit to hacking, and the next
day they passed a law which said it’s okay to hack....

CN: I think that is
the pernicious thing about the law, that it can serve to justify and legitimise things that were previously done in the shadows. When they’re out in the open
they’re now legitimised. On the other hand that’s why we have the rule of law.
But once these things are regulated, once they’re out in the public, the people
are better able to scrutinise. And again, taking the long view, we might not
immediately see that happening.

But even if the Investigatory Powers bill passes as currently
written (frighteningly), I think that will serve human rights ultimately,
because it will allow people to hold government to account. On the question of
oversight mechanisms, it’s true that early on at least, the
parliamentary oversight mechanisms in the UK only served to reinforce and
validate GCHQ’s position on this. The Intelligence
and Security Committee’s (ISC) first statement is laughable when you
go back and read it, when they talk about there being absolutely no way that
GCHQ has done anything wrong. Particularly when you compare it to the more
recent ISC report, which heavily criticised the Home Office and others for
contents of the IP bill.

You can see, then, the effects of politics on
parliamentary oversight communities, because that is the influence of Dominic
Grieve having led the ISC in more recent times and taking a much harsher
position towards the security forces. Whereas, under the leadership of Malcolm
Rifkind, there was a very close alignment with the interests of GCHQ.

That in itself illustrates the problem though of
parliamentary oversight mechanisms being the main ways in which intelligence
services are scrutinised. Some European countries are doing a far
better job with oversight. I know there is coordination between some countries,
like Belgium, the Netherlands and Luxembourg, when it comes to oversight of
intelligence. So Didier’s point is probably right, that there could be a
greater coordination of European oversight.

The UK aside, there are very strong post-hoc oversight mechanisms which are
very effective, but it is my sense that more attention needs to go into authorisation –
particularly moving to judicial authorisation – and the restraining of those powers in
the first place, rather than investing solely in retrospective oversight.

That’s a broad statement, and I wouldn’t want to stand by it necessarily in all
contexts - the UK, I think, could definitely improve its post-hoc oversight. But – and maybe this is an opinion I
have formed because I’ve seen so many members of the government wanting the
debate to go towards oversight rather than restraining powers – we need to
focus as much on restraining, and the lawfulness of surveillance powers to
begin with, as well as overseeing their implementation. So particularly in the
UK, I would like to see judicial authorisation of surveillance, warrants,
before they take place, rather than merely overseeing them afterwards.

RB: Is that
something to do with the predictive nature of the data mining that is going on?

CN: It’s predictive,
but it’s also because at the moment, it’s indiscriminate. It’s not targeted. Whereas if there was a requirement for judicial authorisation, any
judicial officer would see the problem with that more clearly than those who
are not really charged with looking at human rights or proportionality. They’re
not really charged with making that calculation. They’re really looking at
what’s a cost-effective way of doing this kind of surveillance. It may be more
cost effective to do it that way, so it’s important that there’s someone
looking at that: but it’s equally important for someone to be looking
at what are we trading off in that process. If you were to put a
judicial officer in charge of authorising warrants that had whole cities listed
on them or towns or even countries, I think most judicial officers would find it quite difficult to make that calculation.

So we’ve moved to a point where not only do you not need to
name anyone on your warrant and you don’t need to show any suspicion of that
person, that city, that town, you merely need to reference terrorism or online
child paedophilia as justification. We’ve lost what was originally
the calculation around reasonable suspicion or probable cause to put somebody
under that surveillance in the first place.

RB:What about
Germany and France ­– can I ask you about them? Because they were rather
shocked by being used by the Five Eyes rather than being welcomed on board.
What’s happening there?

CN: Those two
countries are polar opposites in many respects. Firstly, in Germany you have a
very long history of privacy protections, and we all know the
historical roots behind the German people’s rejection of the intrusion of state
power and of excessive power given to security services. In modern
jurisprudence, in the last 10 to 15 years, we have seen many cases in Germany
that have gone up to the European courts where individuals have tried to
restrain the power of intelligence agencies in Germany. They have quite a
strong oversight mechanism which can definitely be improved, but I think they
are exemplary in many respects. They did get some egg on their face during the process of the Snowden revelations, when, having come out very strongly
against the NSA because of the Merkel revelation, and taking the very laudable step of establishing an enquiry, it then came out in the course of that enquiry that they were in fact very closely enmeshed with the NSA…

RB:…and eager
to be even more closely enmeshed.

CN: Absolutely, so I
think they’ve gotten themselves into a slightly difficult position, politically, because they’re also leading the way at the UN in developing protections around
privacy in the digital age.

RB:It does show how
strong the undercurrent of this basic compulsion is: to be on the cutting
edge?

CN: I think that’s
right. I hesitate to get onto terrorism so early on in our conversation, but I
don’t think you can underestimate the power that the counter-terrorism debate
has had on the surveillance debate, and how closely enmeshed the two are. Which brings us to France, where I really think that is what you’ve seen in the last two years. France
had a long history, like the UK, of very secretive intelligence work. Their
intelligence agencies were not regulated by public legislation at all. It
wasn’t the Snowden revelations, but the Paris attacks which catalysed the
development of the law around intelligence in France, and the leaping forward
to far greater and more intrusive powers. The legislation they have passed in the
last two years is just as frightening as the Investigatory Powers bill. There
you’ve seen really just how strong a motivator terrorism is in trying to expand
state surveillance powers.

For example, one of the provisions that is in their legislation
now is the installation of black boxes on internet cables, which can be used to
filter in order to identify terrorist content. Now we don’t really know what
they mean by this, whether or not they’re putting together a list of words, that
includes ‘bomb’ and ‘kill’, for example, and then they’re filtering everybody’s Google
searches on the basis of those words. I personally don’t know the details of it. But I think that in France we have seen a much stronger leap forward in favour
of surveillance than we have in Germany, which I would say is
trying to rein things back. But it’s really the French experience of terrorism in the last
couple of years which is really pushing that legislation forward.

RB: How does that relate to the statements that we’ve had in the UK that extremists are
going to be monitored through Google speech mechanisms? Doesn't that put us in a similar category?

CN: It does. I would
say that the French narrative is being adopted just as quickly by British politicians
to justify an extension of British surveillance. This is really why this
issue is quite a complex one, because we are at a point where the threat of
terrorism – while, in my opinion, it continues to be overstated – has a unique
structure: being decentralised, and being home-grown I suppose. Rather than the threat coming from a foreign country, you are trying to identify burgeoning terror threats
within one’s country. That’s part of the very nature of being digital, in
the sense that there’s a range of tools available in terms of material acquisition that there weren’t even 10 to 15 years ago.

It’s a unique posture, the terrorist threat at the moment. It’s
in a unique place that positions it so that the answer from the security point
of view is for more surveillance. 15 years ago that wasn’t the case and
perhaps in another 10 years it will have changed again or been eliminated, so that it’s
no longer ripe for manipulation to justify these policies. But at the moment, it’s
a perfect storm. British politicians are able to point to the nature of
the Brussels attack or the Paris attacks, and say that the precise thing we
need to counter this is the greater monitoring of text messages, or the ability
to break encryption, because terrorists are using encrypted text messaging
services. It provides the perfect question to which they have the answer. So I
think that’s a really unique and complex part of the debate at the moment.

There are definitely ways to demonstrate that this is not the answer. One of the really
difficult things around the surveillance debate is effectiveness. How effective
actually are these tools in fighting terrorism? And then you go into
counterfactuals, because of course we haven’t had a terror attack in Britain
for the last ten years. Is there a causal relation between the lack of
terrorism attacks and the increase in surveillance? The government will say
yes. We have no way of proving otherwise.

RB:But it’s quite
interesting isn’t it, that some of the foremost whistleblowers who were
formerly working at the NSA have such a concerted line of argument about the sheer amount of
data being mined, and how this prevents you from actually being efficient in the pursuit of
terrorists. They argue that in fact it is old fashioned, really good undercover
policing that is decisive in that battle.

CN: That’s a really
good point. I’ve heard a lot of ex-police officers and others in law
enforcement say that in the past ten years, their budget has decreased for
human intelligence and investigatory policing while the budget for digital
surveillance has increased. Your point is exactly right, that things like the
Brussels and Paris attacks, and even Woolwich, serve to illustrate that perhaps
we’ve done ourselves a disservice by investing so much in digital surveillance, from a strictly utilitarian perspective, because police forces aren’t able to do
the type of policing which actually could have been decisive on those last
three occasions.

RB:Let’s move on to what’s going to happen next. What do you think are the key turning
points either in Britain or internationally, and in what state of preparedness are the forces
that are trying to defend our human rights?

CN: One of
the ways I’d cut it is to look at law and technology. In terms of the law, we have some real challenges ahead. We have new surveillance laws in
countries like Britain, in the Netherlands, in Switzerland, potentially
Finland, Denmark, France just recently, which really seek to expand existing
powers that are on the books and not necessarily to expand protections. So I think
we have a European trend towards legitimising greater surveillance in the law.

At the same time, and interestingly, we have a European trend towards stronger
European privacy regulation, particularly in the general data protection
regulation which was adopted early this year and which will come into force in
2017. There we see a pretty strong commitment to improving privacy protections
for consumers and for individuals. So if we compare those two trends – greater
surveillance powers amongst European states, but also stronger privacy
protections – we can see this exceptionalism for national security and law
enforcement, but also a real desire to protect privacy vis-à-vis companies and consumer issues. I think that’s an
interesting contrast.

You can probably cut that in a range of different ways around
European attitudes and different political interests pushing up against each
other, but one way to look at it is that national security issues will continue
to be an exceptionalist area of policy that allows for these powers to expand. The trends in Europe around surveillance are going to continue to be
mimicked and followed by countries outside of Europe.

One of the means by which that happens is through the use of
cyber-crime legislation to increase surveillance powers. One interesting
development in the law camp is that as cyber issues become more and more relevant
and part of public consciousness, we see cyber-crime and cyber-security as
broad policy justifications that are being rolled out to justify a range of
different things. The public is much more in tune to what cyber threats are, and how cyber-security might be relevant to them in a very real day-to-day sense,
and there’s a tendency to use precisely that to roll out a range of different
powers. One of the ways we see that in developing countries is the adoption
of cyber-crime legislation which is in fact surveillance legislation, or even
legislation which restricts certain speech online. So, for example, in a number
of countries in the Middle East, the cyber-crime legislation will contain restrictions
on whether or not you can criticise the government on the internet.

That’s a really interesting area of law and policy. It’s also
difficult because cyber-crime is a real threat, cyber-security is an important
policy driver and countries are very integrated in their concerns; it’s very
hard for the UK to protect its security without working with other countries
throughout the world on their cyber-security issues. So there’s a really strong
global driver for greater cyber-security policy and law. But at the same time, that’s being used by some countries as a shield for them to expand
their own surveillance and intrusions into online speech.

RB:Can we just
linger on online speech and this development that if you criticise the government or mainstream media, you could find yourself being monitored for 'extremism'. Will this monitoring of speech be an
international frontline that we’ll have to push back on, or do you think it
will be particularly acute in cases like Egypt?

CN: There's no doubt that the idea
of countering online extremism is becoming a very popular way to describe a
number of different policy initiatives, and I think we’ve seen right here in the UK
the way that the term 'extremism' can be used.

RB:You have said that you are worried about the homogenisation of culture, within that trend.

CN: Absolutely,
because of this idea that extremist speech is radical speech and that radical
speech is this speech that counters mainstream ideas, which we almost see
verbatim in UK policy documents. They don’t put it that plainly, but the material
given to the parents of children in schools, trying to educate parents about
what it looks like if your child is displaying extremist tendencies include: if
they disagree with mainstream media, if they show disapproval of mainstream
political ideologies. What underpins this must be a rejection of
radical ideas and radical thinking. That’s where I feel we are in fact
promoting homogenised cultural attitudes and political attitudes. It isn't necessarily the same concern that exists in countries like Egypt. But in the US and in the UK we see this used to counter violent extremism very
strongly.

RB:Moreover, hate
speech legislation has a similar effect, because you can never
answer the question of who decides where to draw the line. So maybe this is part of a much more general undermining of pluralist politics, with its sense that security in a democracy is guaranteed by the very fact that you can raise very alternative
views? If this is the case, it should surely feed into some kind of international solidarity with
countries where you simply can’t criticise the government at all, as in
Egypt or Turkey. What relation do you see, if any, between the authoritarian, illiberal
societies and democracies on those sorts of themes? Because we can be really complacent, can't we, that we’re not going to be in the same kind of
trouble?

CN: If
you look at different regional and geopolitical arrangements, you see different
countries taking different positions on this. So in the US and the UK you see
content restrictions or speech restrictions are only justifiable in the name of
countering extremism or countering terrorism. But they’re beyond the pale,
particularly in the US, in all other circumstances: the first amendment is so
strongly embedded into cultural ideology there.

In the UK, you have slightly more willingness to control
speech, under the ambit of terrorism and countering extremism. But when it
comes to hate speech in the UK, you have quite a strong rejection of what in
Europe is much more commonplace; countering and even criminalising xenophobic
and racist hate speech is much more welcome in Europe – to the extent
of additional protocol to an international convention called the Budapest
convention on cybercrime. That convention is signed by 50 countries around the
world, including the US. But there’s an additional protocol on banning racist
and xenophobic hate speech, and the UK and the US are not part of that.

Then when you look at what we consider, more willingly, as
authoritarian or totalitarian governments, there the restrictions are less
about countering hate speech and extremism, and more about protecting power and
preventing speech which undermines power. There is much more of a black and
white problem there around the content restrictions on speech which in any way might
threaten government power. These are used very heavy-handedly and are clearly
interferences in freedom of expression. Whereas hate speech sits in a very
murky place in international human rights. Certainly hate speech which amounts
to inciting violence should be banned under law.

RB:That’s the only
clear part of it. The rest of it is murky indeed.

CN: Exactly. So I
think that we see every country in the world struggling with this, such that
there are types of expression which may not be acceptable in every society. The questions we need to grapple with though are: what role should the law
play with respect to that expression? And how does the internet change things,
how does it make it more complicated? Because it enables speech to be more
quickly disseminated and also speech outside one’s society to enter your
society.

Maybe it can also bring the temperature down in the debate, because a lot of
people say that the way they counter hate speech is with more speech. So, we do see
the internet playing that role. You can find any number of horrendous
statements online, but because of the very volume of information available, some of
it is drowned out. I think it’s a really complex debate which deserves to continue.

Adding a layer of complexity, we have things like the right to
be forgotten: the idea that you should be able to protect your reputation
online by having things that are out-dated or irrelevant or excessive removed
or at least disassociated with your name on the internet. In a way, it’s
another form of content restriction, we’re kind of working out what the limits
of that are. And again we see a big difference between the US where there’s a
very fundamental opposition to any type of right to be forgotten or right to
erasure, really coming from a 'free expression' point of view. And again, European
attitudes are different in that respect.

This is a veritable minefield when
you talk about what speech is acceptable and where, and how you can address it
with law. There was a case a couple of years ago of an anti-Semitic hashtag
that was being used by French Twitter users, and there was a lawsuit against
Twitter in California, that they should be blocking the use of this hashtag. And
Twitter said, "we’re not taking anything off the internet." They very much had an
American free speech attitude, and the French had very little power over this
Californian organisation. So these ideas of jurisdiction are really problematic
at the moment.

RB:How could one turn
that into a positive debate? Because, ideally, this is an opportunity for very
different angles and nuances on an issue to be brought forward.

CN: Human rights law
aspires to be specific enough to give people concrete rights, but general
enough to be able to be implemented in different countries in different
cultural circumstances. So as a human rights lawyer, I would say we should be
able to find common ground in human rights law that unites us. I don’t think we
can ask for anything more in terms of international law at the moment; I don’t
think we could have, for example, an international convention which goes into
detail on speech, and which types of speech are acceptable and which aren’t. At the end of the day, law is politics, particularly international law,
and I’m not sure you’d want to open up such a debate to a political fight.

From a human rights perspective, we’re better off using the
tools we have currently to try and find guidance in international human rights
law. There is an ongoing fluid conversation and law is a social instrument. It’s a
living instrument. It has to change as social attitudes change. We need to
leave it open for debate. I don’t think that’s a negative approach. It’s a positive stance to say we have the tools that we need to have in
human rights, we just need to continue to engage in international conversation
about these things.

On the other side of that, there is some convergence
internationally around some things. So if you look at data protection law, you
see Europe taking a really strong lead, and that’s filtering out to many other
countries, really through necessity and economic drivers, because you have
European companies that want to send data to the Philippines, for example, and
then we saw the Philippines adopt data protection laws that were of equal
strength to Europe. So we see some international convergence
on protection rights like that as well.

RB:What are the things
to look out for in the fight-back?

CN: I’m a lawyer and
I’ve always been in a position where law is the tool that we need to use to
protect digital rights and to solve these complex issues. But I’m increasingly
of the opinion that technology can provide some of the solutions that we’re
after, particularly when it comes to encryption and how encryption interacts
with privacy and data protection. And we’ve seen that in the last year or two,
really at the forefront of current affairs and political debate, particularly
in the case of the Apple and FBI encryption scandal. We’ve seen a number of
companies stepping up to extend the encryption that they offer in a way that
provides really tangible gains in terms of privacy and digital rights.

So a company like WhatsApp, that hundreds of millions of people
use around the world, has now provided end-to-end encryption which means that
people, governments, cyber-criminals cannot intercept your text messages.
That’s a really tangible advancement for shoring up digital rights around the
world. It is at risk, but I think at the end of the day it will triumph and we
will see a greater roll out of encryption so that it becomes more of a standard
part of our interaction with the internet and with technologies, and starts to
destabilise some of the even more pernicious surveillance apparatuses out
there. They will become less effective as technology provides the
answers to privacy problems.

RB:So you think
this demand of governments that they should have backdoors to encryption is
going to be stopped?

CN: I think so. There was never really a strong push for that. What we should be
more concerned about is the Apple-FBI example, where they’re using hackers and
others to get around the technologies. But this idea that
governments will push for legislation requiring backdoor access won't come to
fruition, simply because it’s not in the interests of any government around the
world to weaken security across the board. As I said before, cyber-security is
still a huge policy driver for governments as well – protecting their national
infrastructure, protecting the infrastructure of banks in the City of London is
a huge driver for governments and for British security agencies. GCHQ spends
half its time doing surveillance and half its time protecting the companies and
the government, so at the end of the day they’re not interested in
pushing for anything that undermines that security either.

In terms of the fight
ahead, I see some shining lights in terms of technological advancements that
assist in the fight. Broader constituencies and the involvement of a
greater range of activists, groups and segments of society is really the key to digital rights becoming more mainstream and enjoying more
support. I see in the space of five years an immense change in how your average
man on the Clapham omnibus can understand and talk about these issues, about
how people’s own experiences with privacy are changing, and their
experiences with the internet. People are much more attuned to the very real
need for greater privacy and the protection of speech online. I see a lot of
promise in how many groups, how many media sources and how many segments of
society are coming together on some of these issues.

RB:And is
technology becoming better at articulating itself in ways that lawyers and the
general public might understand?

CN: That remains a
challenge. Again, the fact that they’ve now included coding in their curriculum
from the age of five is an amazing – if not terrifying – advance, and in the long-term that’s going to make all the difference to helping ordinary people be much more conversant with technology. It will give people much
more agency over how they use technology and where their data goes. In
the long term, that will really breed a new ideology around freedom of speech
and privacy on the internet which will allow people to control their data, and control their own experiences online. For such a long time, we were really
helpless in the hands of Google and Facebook, and I don’t think that that’s the
future. We are becoming more empowered to make choices.

RB:Let me give you
three harbingers of the future: trading
algorithms on the stock exchange, the transfer of digital data by means of
packet-switching, smart cities. Thinking of robotics and the internet, I can't help wondering to what extent the general
public are always destined to be fighting the last battle, rather than the next one?

CN: Most of those things you listed are already commonplace and even with the
internet and with smart cities, you’d be surprised at the extent to which your
home is already transmitting data. But it’s true that the law struggles to keep up with
technology and social debates. I still think the law has a large
role to play, but if you look at data protection regulation, it took five
years to negotiate the data regulation. It’s a strong piece of law, but there’s
the risk it will again be out-dated in the next five years. People say the same
things about the Investigatory Powers bill of course, that it’s written for
today’s capabilities.

I do think that that’s why ensuring that human rights are socialised
amongst the people who are building the technology is a really important goal. So
having technologists understand the human rights implications of the
technological choices they make, could have a real impact on the direction that
technology goes. Of course the thing on everybody’s lips at the moment is
bitcoin and the block chain. This is essentially a human rights facilitating
technology – it secures transactions and it provides anonymity and privacy. I
think as long as we have innovators like that involved in the development of
technology, as long as they see the social impact of technological choices,
then we could see some positive developments.

Nevertheless, there are always going to be dark forces, particularly when it comes to things that make people money. That’s why we
can’t rely on technology alone to protect human rights. We do need the law and
policy around the technology to restrain power, and I’m not sure that I have a
solution for how the law could keep up with technology, other than to just make
everybody more technologically savvy: politicians, MPs, lawyers, judges.

And
ensure that we’re all looking forward at all points. But the law is the
lumbering beast that is not always going to keep up with technological change.
I guess if we take that long view, there is a kind of leap-frog effect that is
just going to continue to happen, that technology will continue to happen, and the
law will catch up, eventually.

RB:Is there anything
going on at the UN, anything anyone ought to look to the Council of Europe to
do, or any other particular institutional moment in the next year that we ought
to be looking out for?

CN: The UN is at a bit of a wait-and-see moment. The special rapporteur on
privacy was appointed last year. He presented his first introductory report in
March and he has a three-year mandate in which he will be investigating these
issues and pronouncing on them. So we should see how that process
goes. My sense is that there is a lot of international attention being directed
toward the Investigatory Powers bill, and that will be some kind of line in the
sand when it is adopted, which I expect will be in November. That’s important,
not only for the UK, but globally.

RB:Yes, you were
saying that Pakistanis were writing to you and saying that ‘if this one goes
through, we’ve had it’.

CN: Absolutely. They’re
dealing with their own cybercrime law at the moment, which is basically a
Trojan Horse for a range of different surveillance laws.

So there’s definitely international attention on what’s
happening here in the UK. The other institution we’re looking towards is not
the Council of Europe but the Court of Justice of the European Union, which
will give its opinion on the David Davis and Tom Watson case in August.
This was brought by these two UK MPs against the data retention laws here in
Britain. The European Court of Justice invalidated data retention in Europe,
and then the UK brought new legislation reintroducing data retention after the
Court of Justice had basically outlawed it. So of course that raised the ire of
some MPs here, who took the case to court. It’s been expedited by the European
Court of Justice and if they, as we hope and expect, basically invalidate the
British law, that will have a big ripple effect on the Investigatory Powers
bill.

RB:It might push us
out of Europe?

CN: Well another
fascinating part of this whole debate is how intertwined it is in many respects
with the European debate. At the moment, the last bastions of hope around the
Investigatory Powers bill are the Court of Justice and the European Court of
Human Rights, and one is associated with Brexit and the other with a campaign
for a new bill of rights here in the UK, and exit from the European Court.
Should either of those campaigns make any headway this year, I think that will
also destabilise the debate around surveillance, because we’re waiting
on this decision from the Court of Justice. There’s also the decision of the
Strasbourg court due on the legality of mass surveillance, and we expect
that that will come later this year.

So there’s quite an interesting timing question about when the
decisions from the European courts will come. How will it affect the
legislative process?

RB:Earlier you were commenting on real differences in British and continental
attitudes. Now you’re talking about a whole political terrain – things to play
for in this direction, other things to play for in that...

CN: Exactly. I don’t
want to overstate the cultural differences between Britain and Europe, because
I’m also of the opinion that there is a very strong tie between Britain and
Europe. But we’ve seen, interestingly, in the Court of Justice and the
Davis-Watson case – there’s one German judge on the bench who has publicly
expressed to the media his own dissatisfaction with the UK’s laws, and his own
commitment to privacy. So there’s even an interesting political thing happening
in the court there. Again, it’s really a perfect storm this year in the UK
with Brexit, the IP bill and forthcoming decisions. It’s anyone’s game.

About the authors

@carlynyst
is an independent consultant and expert on human rights and technology.

Rosemary Bechler is a mainsite editor of openDemocracy, and a member of the coordinating committee of DiEM25.

This article is published under a Creative Commons Attribution-NonCommercial 4.0 International licence.
If you have any queries about republishing please contact us.
Please check individual images for licensing details.

Do you care about online rights? digitaLiberties needs your support to keep publishing alternative perspectives on surveillance, net neutrality and privacy. Please help by donating whatever you can.